package com.paso.security.springmvc.inteceptor;

import com.paso.security.springmvc.model.UserDto;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;


/**
 * 请求URL拦截器
 */
@Component
public class SimpleAuthenticationInterceptor implements HandlerInterceptor {

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // 在这个方法中校验用户请求的url是否在用户的权限范围内

        // 取出身份信息
        Object attribute = request.getSession().getAttribute(UserDto.SESSION_USER_KEY);
        if (attribute == null){
            // 没有认证，提示登录
            writeContent(response, "请登录");
        }

        // 把身份信息强转为UserDto
        UserDto userDto = (UserDto) attribute;

        // 取出URI
        String requestURI = request.getRequestURI();

        // 校验
        if (userDto.getAuthorities().contains("p1") && requestURI.contains("/r/r1")){
            return  true;
        };

        if (userDto.getAuthorities().contains("p2") && requestURI.contains("/r/r2")){
            return  true;
        };

        // 没有权限
        writeContent(response,"没有权限，拒绝访问");

        return false;
    }

    // 响应给客户端
    private void writeContent(HttpServletResponse response, String msg) throws IOException {
        response.setContentType("text/html;charset=utf-8");
        PrintWriter writer = response.getWriter();
        writer.println(msg);
        writer.close();
        response.resetBuffer();
    }


}
